A crypto hacker specializing in “address poisoning attacks” has successfully stolen over $2 million from users of Safe Wallet in just the past week, bringing the total number of victims to 21.
On December 3, the Web3 scam detection platform Scam Sniffer reported that approximately ten Safe Wallets had lost $2.05 million to these attacks since November 26. Data from Dune Analytics, compiled by Scam Sniffer, indicates that the same attacker has stolen at least $5 million from around 21 victims over the past four months.
Scam Sniffer highlighted a case where one victim, who had $10 million in crypto in a Safe Wallet, “luckily” lost only $400,000. Address poisoning involves the attacker creating a wallet address that closely resembles the victim’s regular transaction address, often matching the beginning and ending characters.
The hacker typically sends a small amount of cryptocurrency from this newly-created wallet to the target, thereby “poisoning” their transaction history. An unsuspecting victim might then mistakenly copy this similar-looking address from their transaction history, sending funds to the hacker’s wallet instead of the intended recipient.
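A wallet-side check for the lookalike pattern described above, as an added example (not code from Scam Sniffer, Safe Wallet or any project named in this article): it compares addresses seen in a transaction history against a saved address book and flags any that share the leading and trailing characters of a saved entry without being identical. The addresses, the address-book label and the 4-character threshold are constructed assumptions.

```python
import re

ADDR_RE = re.compile(r"^0x[0-9a-f]{40}$")

def normalize(addr: str) -> str:
    """Lower-case an address; reject anything that is not 0x + 40 hex chars."""
    a = addr.strip().lower()
    if not ADDR_RE.match(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def shared_affixes(a: str, b: str):
    """Count matching leading and trailing hex characters (after the 0x)."""
    x, y = a[2:], b[2:]
    prefix = next((i for i in range(40) if x[i] != y[i]), 40)
    suffix = next((i for i in range(40) if x[-1 - i] != y[-1 - i]), 40)
    return prefix, suffix

def classify(candidate: str, address_book: dict, min_each: int = 4):
    """Return ('known', label), ('lookalike', label) or ('unknown', None)."""
    cand = normalize(candidate)
    imitated = None
    for label, known in address_book.items():
        k = normalize(known)
        if cand == k:
            return "known", label
        p, s = shared_affixes(cand, k)
        if p >= min_each and s >= min_each:  # same ends, different middle
            imitated = label
    return ("lookalike", imitated) if imitated is not None else ("unknown", None)

def poisoned_entries(history, address_book):
    """History rows whose sender imitates, but is not, a saved address."""
    return [tx for tx in history
            if classify(tx["from"], address_book)[0] == "lookalike"]

# Constructed sample data; none of these addresses come from the incidents.
ADDRESS_BOOK = {"exchange-deposit": "0x3fA9c0de5b1e7a2d4c6f8091a2b3c4d5e6f7b21C"}
HISTORY = [
    {"from": "0x3fA9c0de5b1e7a2d4c6f8091a2b3c4d5e6f7b21C", "value": 2500.0},
    # Dust transfer from an address with the same first and last 4 characters.
    {"from": "0x3fA9ffff000011112222333344445555aaaab21C", "value": 0.0001},
    {"from": "0x77e1" + "0" * 32 + "9d04", "value": 12.0},
]

if __name__ == "__main__":
    for tx in poisoned_entries(HISTORY, ADDRESS_BOOK):
        print("do not copy:", tx["from"], "value", tx["value"])
```

A recipient classified as `lookalike` should block the copy or transfer until the full address has been compared character by character against the saved entry.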
Cointelegraph has contacted Safe Wallet for a statement regarding these incidents.
A notable recent address poisoning attack, believed to be by the same perpetrator, occurred on November 30. Florence Finance, a real-world asset lending protocol, lost $1.45 million in USDC. Blockchain security firm PeckShield reported the incident, noting how the attacker might have tricked the protocol using an address that started with “0xB087” and ended with “5870.”
In November, Scam Sniffer reported that hackers have been exploiting Ethereum’s ‘Create2’ Solidity function to circumvent wallet security alerts. This exploitation has led to Wallet Drainers stealing approximately $60 million from almost 100,000 victims over six months. Address poisoning is one of the methods used in these thefts. The Create2 function allows for the pre-calculation of contract addresses, enabling malicious actors to generate new, similar wallet addresses. These addresses are then deployed after the victim authorizes a fraudulent signature or transfer request.
The security team at SlowMist reported that a group has been using Create2 since August to “continuously steal nearly $3 million in assets from 11 victims,” with one victim losing as much as $1.6 million.